CoW Swap Proposes Grants Program for DNS Hijacking Victims
CoW Swap Proposes Grants Program for DNS Hijacking Victims
🔐 CoW Swap victims await...
CoW Swap has announced a discretionary grants program to compensate victims of the April 14 DNS hijacking incident. The proposal requires governance approval due to the significant sums involved.
What happened:
- An attacker convinced CoW Swap's DNS registrar they were a team member using false documents
- The attacker deployed a phishing site that mimicked CoW Swap exactly
- Attack occurred in two phases: wallet drainer and fake wallet modals harvesting seed phrases
Current status:
- CoW Swap has regained full control of the cow.fi domain
- Vercel confirmed no compromise of CoW Swap's credentials or data
- All security tokens have been rotated and deployments audited
Next steps:
- Community members can review and provide feedback on the grants proposal
- The proposal must pass governance voting to take effect
CoW Swap emphasizes this was a social engineering attack on their registrar, not a breach of their infrastructure or result of leaked information.
🚨🚨 We are currently experiencing an issue with the CoW Swap frontend (swap.cow.fi). While we are investigating, please DO NOT use CoW Swap.
We’ll continue monitoring as Vercel’s investigation progresses. We have no indication CoW Swap was among the impacted customers. However, we still completed all recommended remediation steps: ✅ Rotated all tokens ✅ Audited deployments -> no malicious code ✅ Reviewed activity
We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…
Sometime after 13:00 UTC yesterday, an attacker gained enough control over cow.fi to create a new SSL certificate and serve malicious content to CoW Swap's primary domain. They were able to do this by convincing our DNS registrar that they were a CoW Swap team
Update: CoW Swap has received communication from Vercel stating, “At this time, we do not have reason to believe your Vercel credentials or personal data have been compromised.”
User protection is a core promise of CoW Swap. We are therefore proposing a discretionary grants program so that victims of the April 14 DNS hijacking incident can be made whole as quickly as possible. Proposal details can be found on the CoW DAO forum, here:
UPDATE: The swap dot cow dot fi domain is currently locked and not accessible. We are working with security experts to assert control over the domain while it is locked, but we *do not* expect it to be live again tonight. For those who rely on CoW Swap daily, we have spun up a
We have a new instance of CoW Swap live now at cow.finance to allow safe usage of the protocol. Please remain cautious and continue to refrain from using swap dot cow dot fi until the team signals it is safe to use.
Once they had control of the domain, the attacker deployed a phishing site designed to look exactly like CoW Swap. The attack escalated in two phases: - Phase 1: wallet drainer (connected wallets prompted to sign malicious transactions) - Phase 2: fake wallet modals harvesting
🚨🚨 UPDATE: CoW Swap experienced a DNS hijacking at 14:54 UTC (approximately 90 minutes ago). The CoW Protocol backend and APIs were not impacted, but we have paused them temporarily as a precaution. We are now actively working to resolve the situation. Please continue to
UPDATE: We now have full control of the cow.fi domain. CoW Swap has been working as normal at cow.finance for some time now, and we are now working to transition it back to it's original domain. In the meantime, here is an update on we know about
CoW Swap Launches on Linea L2 and Deepens Aave Integration
**CoW Swap is now live on Linea**, Ethereum's L2 network, bringing gasless trading and advanced order types to the platform. **Key features on Linea:** - Gasless swaps by default - no ETH needed for gas - Limit and TWAP orders - Swap & Send functionality - Upcoming Swap & Bridge feature **How it works:** CoW Protocol's solver network competes to find the best prices across DEXs while protecting users from MEV attacks. **Expanded Aave integration** also launched, powering more DeFi operations: - Collateral swaps - Repay-with-collateral transactions - Debt swapping All operations are **gas-optimized and MEV-protected**. The integration uses intent-based transactions - users specify what they want, and solvers find the optimal execution path. **Benefits include:** - Solver-routed execution for better prices - Shared liquidity across $10B+ monthly volume - Simplified user experience with fewer approvals Try CoW Swap on Linea: [swap.cow.fi](https://swap.cow.fi/#/59144/swap/WETH/0x176211869cA2b568f2A7D4EE941E073a821EE1ff) Learn more about the Aave integration: [aave.com/blog/aave-cow-swap](https://aave.com/blog/aave-cow-swap)
Study Shows CoW Swap Leads Intent-Based DEXes in Decentralization and Volume
A comprehensive 6-month trading analysis reveals CoW Swap's dominance among solver-based DEXes: - **Higher Trading Volume**: ~$200M daily vs $60M (1inch Fusion) and $30M (UniswapX) - **More Decentralized**: Top solver only controls 25% market share, with next five at ~10% each - **Better for Large Trades**: Shows best execution improvement for trades over 100 ETH The study compared CoW Swap, 1inch Fusion, and UniswapX, finding solver-based DEXes generally outperform traditional alternatives through optimized routing and off-chain liquidity access. Try CoW Swap: [swap.cow.fi](https://swap.cow.fi/#/1/swap/WETH/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48)
CoW DAO at DevCon Bangkok: Schedule of Events
CoW DAO announces their presence at DevCon Bangkok with a packed schedule: - Tuesday: @Silver_Queen presents on user interaction in web3 - Wednesday: Booth presence at ArbiVerse (Arbitrum event) with swag giveaways - Thursday: @AnnaMSGeorge discusses CoW AMM's batch mechanism - Friday: Two key talks: * @AndreaCanidio on trade intents and fair mechanism design * @fleupold_ explores PBS in Ethereum **Special Event**: CoW DAO hackathon offering $10,000 in prizes at ETHGlobal Visit the CoW DAO booth to connect with the team and collect exclusive swag!
MEV Blocker Partners with DeFi Saver for Enhanced User Protection
MEV Blocker has announced a partnership with DeFi Saver to enhance user protection against Miner Extractable Value (MEV). Key points: - DeFi Saver's TxSaver feature now integrates MEV Blocker - This integration aims to make transactions smoother and safer - Users' trades will be protected from prying eyes - The partnership offers improved rebates and protection This collaboration represents a significant step in safeguarding DeFi users from potential MEV exploitation. Users can expect enhanced privacy and potentially better trade execution through this integration. To learn more about TxSaver and its use of MEV Blocker, check out the detailed thread provided by DeFi Saver.